Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-07 06:25:32 +01:00
Code Issues Projects Releases Packages Wiki Activity

Auto merge of #23347 - Darkspirit:hsts_ca_suffix, r=jdm

Browse source 
Update Public Suffix list, HSTS Preloading list and CA database

* Updated Public Suffix list using ./mach update-pub-domains
* Updated HSTS Preload list using ./mach update-hsts-preload
* Applied tiny format change to etc/cert_generator.sh
* Updated CA [database](https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV) using etc/cert_generator.sh. New CAs are:
  * [bug 1442337](https://bugzilla.mozilla.org/show_bug.cgi?id=1442337) emSign ECC Root CA - C3
  * [bug 1442337](https://bugzilla.mozilla.org/show_bug.cgi?id=1442337) emSign ECC Root CA - G3
  * [bug 1442337](https://bugzilla.mozilla.org/show_bug.cgi?id=1442337) emSign Root CA - C1
  * [bug 1442337](https://bugzilla.mozilla.org/show_bug.cgi?id=1442337) emSign Root CA - G1
  * [bug 1464306](https://bugzilla.mozilla.org/show_bug.cgi?id=1464306) Hongkong Post Root CA 3

---

- [x] `./mach test-tidy` does not report any errors

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23347)
<!-- Reviewable:end -->
This commit is contained in:
bors-servo 2019-05-13 14:57:02 -04:00 committed by GitHub
commit 2c28e2b64f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 37743 additions and 8975 deletions
Download patch file Download diff file Expand all files Collapse all files

8
etc/cert_generator.sh
View file

@ -13,12 +13,12 @@ set -o pipefail
# and processed with awk.
# 2. Rows end with `"\n`.
# 3. Each row is split by ^" and "," into columns.
# 4. Single and double quotes are removed from column 30.
# 4. Single and double quotes are removed from column 32.
# 5. If column 13 (12 in the csv file) contains `Websites`
# (some are Email-only), column 30 is printed, the raw certificate.
# (some are Email-only), column 32 is printed, the raw certificate.
# 6. All CA certs trusted for Websites are stored into the `certs` file.
url="https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV"
curl "${url}" -sSf | gawk -v RS="\"\n" -F'","|^"' \
'{gsub("\047","",$(30));gsub("\"","",$(30));if($(13)~/Websites/)print $(30)}' \
> certs
'{gsub("\047","",$(32));gsub("\"","",$(32));if($(13)~/Websites/)print $(32)}' \
> ../resources/certs